Skip to content

External SSL Certificate

Overview

HySecure Gateway uses a self-signed certificate. Since the certificate is not signed by a well-known trusted Certificate Authority (CA), the Client connecting to Gateway through the browser is likely to receive a warning about the server not being trusted. To avoid this and make the connection from the Client to HySecure more secure, the administrator can use a certificate signed by a trusted CA.

Rather than using an internal Certificate Authority, you can generate a Certificate Signing Request to submit to a recognized 3rd party CA such as VeriSign.

  1. Generate Certificate Signing Request (CSR): Submit the CSR to a recognized CA like VeriSign to get a signed Digital Certificate in Privacy Enhanced Mail (PEM) format and root and intermediate CA certificates.
  2. Upload private key & Certificates in PEM format: The private key gets generated during CSR creation, and all Certificates are received from the CA, in PEM format.
  3. Restart HySecure for the certificate to take effect.

Generate Certificate Signing Request

  1. Log on to the Management console.

  2. Navigate to Settings > General Settings > SSL Certificate.

  3. Click Generate Certificate Signing Request (CSR).

  4. Enter the following details:

    Field Description
    Country Name Enter the 2-letter code for the country name e.g. for India - IN.
    State or Province Name Enter the complete state or province name.
    Locality Name Enter the locality or city name.
    Organization Name Enter the name of the organization of the CSR Client.
    Organization Unit Name Enter the department name of the organization.
    Common Name Enter your name or the server hostname.
    Email Address Enter your complete email address.
    Key Length Select the length of the key to be generated. The larger the key, the stronger the encryption will be, but it will take more processing time.

  5. Click Submit to create the CSR.

  6. Download the Private Key and Certificate Signing Request from the displayed page upon submission. Submit this information to the chosen Certificate Authority to retrieve the digital certificate along with the root and intermediate CA certificates.

Upload Private Key and Certificates

Once the certificates are received from the CA, upload them by following the steps below:

  1. Log on to the Management console.

  2. Navigate to Settings > Services Config > Gateway State and change the HySecure server to Configuration State.

  3. Navigate to Settings > General Settings > SSL Certificate.

  4. Click Upload Certificates in PEM Format.

  5. Copy and paste the certificate received in .pem format containing the public key.

  1. Copy the root CA certificate and intermediate CA certificates, if any.

    Warning

    The certificate of intermediate CA should be on top, followed by its root CA cert.

  2. Copy the Private Key that was created during the CSR creation.

  3. Click Submit.

Change HySecure Gateway State

Once the certificates are successfully applied, restart the Gateway from Settings > Services Config > Gateway State.